Finite Fields Computations in Maxima
|
|
- Beverley Harris
- 5 years ago
- Views:
Transcription
1 Finite Fields Computations in Maxima Fabrizio Caruso Jacopo D Aurizio elianto84@gmail.com Alasdair McAndrew amca01@gmail.com April, 2008 This file documents the Maxima file gf.mac, which is a Maxima package for finite fields. This package is part of standard Maxima since version If you use version 5.15 the package is split in two files gf.mac and gf roots.mac. In subsequent versions the whole package is contained in gf.mac. This package is also suitable for teaching and exploration and it offers an easier interface than other comparable libraries such as the finite library in Axiom (provided by the domain constructor FFP). The first version of the package was based on the paper Finite Fields Manipulations in Macsyma by Kevin Rowley and Robert Silverman, SIGSAM 1989, but for which the source code is long gone. The version included in Maxima contains lots of new features and optimizations implemented by Fabrizio Caruso and Jacopo D Aurizio. In order to use the package it is enough to start and version of Maxima from 5.15 and use the command: (%i2) load(gf); will load all the functions. If you use version 5.14 then you must also do (%i2) load(gf_roots); Getting started All user commands are prefixed with gf_ ; you need to start by entering the parameters for your field. All fields in this package are of the form F p [x]/m(x) where p is a prime number and m(x) is an polynomial irreducible over F p. If the degree of m(x) is n, the the finite field will contain p n elements, each element being a polynomial of degree strictly less than n, and all coefficients being in {0,1,...,p 1}. Such a field is called a finite field or Galois field of order p n, and is denoted F p n. Note that although there are many different irreducible polynomials to choose from, if m(x) and n(x) are different polynomials irreducible over F p and of the same degree, then the fields and F p [x]/m(x) F p [x]/n(x) are isomorphic. 1
2 In these fields, addition and subtraction are performed on the coefficients modulo p, and multiplication and division modulo m(x). To create a field, you need the parameters p, m(x) and optionally n which is the degree of m(x). The form of the command is or or gf_set(p,n,m(x)); gf_set(p,m(x)); gf_set(p); gf_set checks that p is prime, and if GF IRREDUCIBILITY CHECK is set to it also checks whether m(x) is irreducible. If these conditions are satisfied, the command performs some background calculations (discussed below), and returns. (%i3) gf_set(2,4,x^4+x+1); (%o3) The package comes also with two test files gf test.mac and gf hard test.mac which can be run with the command batch(<path to test file>,test). Having set up the field, we can now perform arithmetic on field elements: Addition/subtraction. These are performed with the commands gf_add and gf_sub. In the particular field entered above, since all arithmetic of coefficients is performed modulo 2, addition and subtraction are equivalent: (%i4) a:x^3+x^2+1; (%o4) x 3 + x (%i5) b:x^3+x+1; (%o5) x 3 + x + 1 (%i6) gf_add(a,b); (%o6) x 2 + x Multiplication. This is performed with the command gf_mul : (%i7) gf_mul(a,b); (%o7) x 2 + x 2
3 Inversion and division. The inverse of a field element p(x) is the element q(x) for which their product is equal to 1 (modulo m(x)). This is performed using gf_inv. In a finite field, division is defined as multiplying by the inverse; thus a(x)/b(x) = a(x)(b(x)) 1. These operations are performed with the commands gf_inv and gf_div : (%i8) gf_inv(b); (%o8) x (%i9) gf_div(a,b); (%o9) x 3 + x 2 (%i10) gf_mul(a,gf_inv(b)); (%o10) x 3 + x 2 Exponentiation. To raise a field element to an integer power, use gf_exp : (%i11) gf_exp(a,10); (%o11) x 2 + x + 1 (%i12) gf_exp(a,15); (%o12) 1 Random elements. Finally, a random element can be obtained with gf_rand() : (%i13) makelist(gf_rand(),i,1,4); (%o13) [x 3 + x 2 + x,x 3 + x 2 + x + 1,x 3 + x 2 + x + 1,x 2 + x] (%i14) M:genmatrix(lambda([i,j],gf_rand()),3,3); (%o14) x 3 + x 2 + x x 3 x 3 + x 2 x 2 x 3 + x x 3 + x + 1 x 2 + x x 3 + x 2 + x + 1 x 2 Primitive elements, powers and logarithms The non-zero elements of a finite field form a multiplicative group; a generator of this group is a primitive element of the field. The command gf_findprim() finds a primitive element: (%i15) gf_findprim(); (%o15) x Given that any non-zero element in the field can be expressed as a power of this primitive element, this power is the index of the element; its value is obtained with gf_ind : (%i16) a:x^3+x^2+1; (%o16) x 3 + x (%i17) gf_ind(a); (%o17) 13 3
4 (%i18) ev(a=gf_exp(x,13)),pred; (%o18) Since every element of the field can be represented as a polynomial a n 1 x n 1 + a n 2 x n a 2 x 2 + a 1 x + a 0 where every coefficient a i satisfies 0 a i p 1, a field element can also be considered as a list: [a n 1,a n 2,...,a 2,a 1,a 0 ]. This list can be considered as the digits of a number in base p, in which the field element is equivalent to the number a n 1 p n 1 + a n 2 p n a 2 p 2 + a 1 p + a 0. Thus every polynomial is equivalent to a number between 0 and p n 1; this number can be obtained by the poly2num command. This command is actually not needed by the user; it is used for some internal commands. The other direction is given by num2poly. Since every non-zero field element a = a(x) is both equivalent to a number A and a power i of a primitive element e, we can create a list of powers corresponding to particular numbers. This list, gp, which is created by gf_set, is defined as follows: its i-th element is the numerical form of the i-th power of the primitive element. Thus, if a(x) A e i where e is the primitive element, then the i-th element of gp is A. By definition we have e pn 1 = 1. The numbers A run over all integers from 1 to p n 1, and the powers i run over all the integers from 0 to p n 2, there is a corresponding logarithm list, lg. The logarithm table may be considered to be indexed from 0 to p n 2, and its i-th element is the power corresponding to that element: (%i19) lg[10]; (%o19) 9 (%i20) num2poly(9); (%o20) x 3 + x (%i21) gf_ind(%); (%o21) 9 The creation of the lists gp and lg may take a few seconds, but they only have to be done once. Logarithms. The list lg produces the logarithm (with respect to the primitive element e) of any non-zero element of the field. But the logarithm of any element relative to the base of another can be obtained with the command gf_log : (%i22) a:x^2+1+1; (%o22) x 2 + x + 1 (%i23) b:x^3+x^2+1; (%o23) x 3 + x (%i24) gf_log(a,b); (%o24) 10 4
5 We conclude that, in our field, a = b 10. Primitive elements. A given field will have many primitive elements, and the command gf_primep tests an element to see if it is primitive: (%i25) gf_primep(x^3+x+1); (%o25) (%i26) gf_primep(x^2+x); (%o26) false Order. By definition, any element a of the field will satisfy a pn 1 = 1. The order of a is the lowest power m for which a m = 1. It will be a factor of p n 1, and is obtained with gf_ord : (%i27) gf_ord(x^2+x); (%o27) 3 (%i28) gf_ord(x^3+x+1); (%o28) 15 Minimal polynomials Associated with every element a GF(p n ) is a polynomial p(x) which satisfies: 1. p(a) = 0, 2. the coefficient of the highest power in p(x) is one, 3. for any other polynomial q(x) with q(a) = 0, p(x) is a divisor of q(x). The polynomial p(x) is thus, in a very strict sense, the smallest polynomial which has a as a root. It is the minimal polynomial of a. The command gf_minpoly calculates it: (%i29) a:x^3+x+1$ (%i30) p:gf_minpoly(a); (%o30) z 5 + z To check this, substitute a for z in p: (%i31) subst(a,z,p); (%o31) (x 3 + x + 1) 5 + (x 3 + x + 1) (%i32) gf_eval(); (%o32) 0 5
6 An application: the Chor-Rivest knapsack cryptosystem The Chor-Rivest knapsack cryptosystem is the only knapsack cryptosystem which doesn t use modular arithmetic; instead it uses the arithmetic of finite fields. Although it has been broken, it is still a very good example of finite field arithmetic. Assuming the two protagonists are Alice and Bob, and Alice wishes to set up a public key for Bob to encrypt messages to her. Alice chooses a finite field F p n = F p [x]/m(x), and a random primitive element g(x). She then computes a i = log g(x) (x + i) for every i F p. She selects a random integer d for which 0 d p n 2, and computes c i = (a i + d) (mod p n 1). Her public key is the sequence c i, with the parameters p and n. To encrypt a message to Alice, Bob encodes the message as binary blocks of length p which contain n ones. Given one such block M = (M 0,M 1,...,M p 1 ), Bob creates the cipher text p 1 c = M i c i (mod p n 1) i=0 which he send to Alice. To decrypt c, Alice first computes r = (c nd) (mod p n 1), and then computes u(x) = g(x) r (mod m(x)). She then computes s(x) = u(x)+m(x) and factors s into linear factors x+t i. The t i values are the positions of the ones in the message block M. Actually, the complete cryptosystem also involves a permutation, which is applied to the sequence a i to create c i. But for this example we are just interested in the field arithmetic. We shall choose the example given in chapter 8 of HAC, but without the permutation. Here the field is GF(7 4 ) = F 7 [x]/(x 4 + 3x 3 + 5x 2 + 6x + 2) and the primitive element chosen is g(x) = 3x 3 + 3x and the random integer d is First, Alice must compute her public key: (%i33) gf_set(7,4,x^4+3*x^3+5*x^2+6*x+2); (%o33) (%i34) g:3*x^3+3*x^2+6; (%o34) 3x 3 + 3x (%i35) gf_primep(g); (%o35) (%i36) a:makelist(gf_log(x+i,g),i,0,6); (%o36) [1028, 1935, 2054, 1008, 379, 1780, 223] (%i37) d:1702$ (%i38) c:makelist(mod(a[i]+d,base^exp-1),i,1,7); (%o38) [330, 1237, 1356, 310, 2081, 1082, 1925] Now Bob can encrypt a message to Alice; suppose one such block is [1,0,1,1,0,0,1], which is a block of length 7 which contains exactly 4 ones. (%i39) M:[1,0,1,1,0,0,1]; (%o39) [1,0,1,1,0,0,1] (%i40) ord:base^exp-1; (%o40)
7 (%i41) c:mod(sum(m[i]*c[i],i,1,7),ord); (%o41) 1521 This last value is the ciphertext. Alice now needs to decrypt it: (%i42) r:mod(c-exp*d,ord); (%o42) 1913 (%i43) u:gf_exp(g,r); (%o43) x 3 + 3x 2 + 2x + 5 (%i44) s:u+px; (%o44) x 4 + 4x 3 + 8x 2 + 8x + 7 (%i45) factor(s); (%o45) (x 1)x(x + 2)(x + 3) The t i values are thus 1,0,2,3, which modulo 7 are 6,0,2,3 and these are the positions of the ones in M. Matrices There are two commands for dealing with matrices over finite fields: gf_matinv for inverting a matrix, and gf_matmul for multiplying matrices. Using the matrix M generated previously: (%i46) MI:gf_matinv(M); (%o46) x 2 x 3 + x 2 + x + 1 x 3 x 3 + x + 1 x 2 + x x 3 + x + 1 x 0 x 3 + x + 1 (%i47) gf_matmul(m,mi); (%o47) Normal Bases Any field GF(p n ) may be considered as a vector space over F p ; one basis is the set {1,x,x 2,...,x n 1 } which is called the polynomial basis. A normal element is a field element e for which the set {e,e p,e p2,...,e pn 1 } forms a basis. There are several commands for dealing with normal elements and bases. The command gf_findnorm() finds a normal element by simply picking field elements at random and testing each one for normality. Although this is a probabilistic algorithm, in practice it works very quickly: (%i48) gf_set(2,10,x^10+x^3+1); (%o48) (%i49) pe:gf_findnorm(); (%o49) 7
8 x 9 + x 7 + x 6 + x 5 + x 4 + x 2 + x The command gf_sfindnorm() is a brute force search through all field elements; in general it is slower than gf_findnorm(). Having found a normal element the command gf_normbasis() produces a matrix the rows of which are the coefficients of the basis elements e pk. This command takes an optional parameter; a polynomial p. If present, gf_normbasis() checks if the field element is normal, and if so, produces the matrix, otherwise prints an error message. If the parameter is not given, gf_normbasis() first finds a normal element, and then uses that element to produce the matrix. With the normal basis, the command gf_nbrep(p,m) produces the normal basis representation of p, with respect to the basis M, as a list of coefficients. One attraction of using normal bases is that much arithmetic can be simplified; for example, in a normal basis representation, a power of the prime p is equivalent to a shift of coefficients: (%i50) M:gf_normbasis(pe)$ (%i51) a:gf_rand(); (%o51) x 9 + x 7 + x 6 + x 5 + x 3 + x 2 + x (%i52) gf_nbrep(a,m); (%o52) [0,0,0,1,0,1,0,0,1,0] (%i53) gf_nbrep(gf_exp(a,2),m); (%o53) [0,0,1,0,1,0,0,1,0,0] Large fields If the flag largefield is set to false then the gf set command will not find a primitive element, instead it will compute a full table of powers and logarithms. If the flag is set to, the opposite happens: no tables are precomputed and a primitive element is found. The default value for largefield is because this is the best choice for large and medium size finite fields. The default value of largefield has the following effects 1. A primitive element is found, but the power and logarithm tables are not calculated. 2. The command gf_exp, instead of using table lookups, uses the simple repeat squaring algorithm. 3. The command gf_log, instead of using table lookups, uses the Pohlig-Hellman algorithm. This is most efficient if p n 1 has only small prime factors. A disadvantage is that every operation now may take more time when the finite field is extremely small. (%i54) largefield:$ (%i55) gf_set(2,20,x^20+x^3+1); (%o55) (%i56) a:x^15+x^5+1; (%o56) x 15 + x (%i57) gf_ind(a); (%o57)
9 (%i58) gf_exp(a,3^12); (%o58) x 17 + x 16 + x 13 + x 12 + x 11 + x 3 + x 2 + x It is up to the user to decide when a field is large enough for the largefield flag to be set to false. Square and cube roots Multiple algorithms have been implemented in order to solve the square and cube root extraction problem over F p ; all of them basically perform an exponentiation in a extension field (ie F p 2 = F p [x]/(x 2 + bx + a) or F p 3 = F p [x]/(x 3 bx a)) through a repeated-squaring scheme, reaching so a complexity of O(n log(p)) multiplications in F p ; however, due to some differences in the representation and multiplication of elements in the extension field, they do not have exactly the same running time: 1. msqrt(a,p) returns the two square roots of a in F p (if they exist) representing every k-th power of x in F p [x]/(x 2 + bx + a) as the first column of the matrix M k, where M is the companion matrix associated with the polynomial x 2 + bx + a and b 2 4a is a quadratic non-residue in F p. It requires 5log 2 (p) multiplications in F p. 2. ssqrt(a,p) returns the two square roots of a in F p (if they exist) using Shanks algorithm. It requires 5log 2 (p) multiplications in F p. 3. gf_sqrt(a,p) returns the two square roots of a in F p (if they exist) using the Muller algorithm (an improved, shifted version of Cipolla-Lehmer s) and should reach the best performance, requiring only 2log 2 (p) multiplications in F p. 4. mcbrt(a,p) returns the cube roots of a in F p (if they exist) representing every k-th power of x in F p [x]/(x 3 + bx + a) as the vector (M 2,2,M 2,3,M 3,2 ) in the matrix M k, where M is the companion matrix associated with the polynomial x 3 + bx + a, irreducible over F p (Stickelberger-Redei irreducibility test for cubic polynomials is used). It requires 10log 2 (p) multiplications in F p. 5. scbrt(a,p) follows the same multiplication steps of mcbrt(a,p), using a simpler polynomial representation for the elements of the field extension. It requires about 11log 2 (p) multiplications in F p. 6. gf_cbrt(a,p) returns the cube roots of a in F p (if they exist) using the generalized Shanks algorithm: it s pretty fast, requiring about 4log 2 (p) multiplications in F p, being so the candidate choice for cube root extraction. Other implemented routines, using about the same ideas, are: 1. fastfib(n) and fastlucas(n), returning the n-th Fibonacci and Lucas numbers through a Muller-like scheme; they require exactly 2 squarings and 3 sums for each bit in the binary representation of n, having so a bit-complexity bounded by 2log 2 (n) 3+ε, with ε depending on the adopted integer squaring algorithm. 2. qsplit(p) and csplit(p), splitting a prime p over Z[i] and Z[ω], ie finding (a,b) such that p = a 2 + b 2 (this is possible only when p is in the form 4k + 1) or p = a 2 + ab + b 2 (this is possible only when p is in the form 3k +1), by the reduction of a binary quadratic form of the proper discriminant. They have the same complexity of the computation of a single Jacobi symbol, O(log(p) 2 ) bit-operations. 9
10 (%i8) msqrt(64,1789); ssqrt(64,1789); gf_sqrt(64,1789); (%o8) [1781,8] (%o9) [8,1781] (%o10) [1781,8] (%i11) mcbrt(64,1789); scbrt(64,1789); gf_cbrt(64,1789); (%o11) [4, 608, 1177] (%o12) [4, 608, 1177] (%o13) [4, 1177, 608] (%i14) modulus:1789; factor(x^3-64); modulus:false; (%o14) (%o15) (x 608)(x 4)(x + 612) (%o16) false (%i17) qsplit(1789); csplit(1789); (%o17) [5,42] (%o18) [12,35] (%i19) fastfib(137); fastlucas(141); (%o19) (%o20)
Finite Fields Computations in Maxima
Finite Fields Computations in Maxima Fabrizio Caruso caruso@dm.unipi.it Jacopo D Aurizio elianto84@gmail.com Alasdair McAndrew amca01@gmail.com Volker van Nek volkervannek@gmail.com April, 2008 - December,
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationMathematical Foundations of Cryptography
Mathematical Foundations of Cryptography Cryptography is based on mathematics In this chapter we study finite fields, the basis of the Advanced Encryption Standard (AES) and elliptical curve cryptography
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationCandidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.
UNIVERSITY OF EAST ANGLIA School of Mathematics May/June UG Examination 2010 2011 CRYPTOGRAPHY Time allowed: 2 hours Attempt THREE questions. Candidates must show on each answer book the type of calculator
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationChapter 4 Finite Fields
Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationContinuing discussion of CRC s, especially looking at two-bit errors
Continuing discussion of CRC s, especially looking at two-bit errors The definition of primitive binary polynomials Brute force checking for primitivity A theorem giving a better test for primitivity Fast
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationPublic Key Encryption
Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More information17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8
Contents 17 Galois Fields 2 17.1 Introduction............................... 2 17.2 Irreducible Polynomials, Construction of GF(q m )... 3 17.3 Primitive Elements... 6 17.4 Roots of Polynomials..........................
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationTheory of Computation Chapter 12: Cryptography
Theory of Computation Chapter 12: Cryptography Guan-Shieng Huang Dec. 20, 2006 0-0 Introduction Alice wants to communicate with Bob secretely. x Alice Bob John Alice y=e(e,x) y Bob y??? John Assumption
More informationInformation Theory. Lecture 7
Information Theory Lecture 7 Finite fields continued: R3 and R7 the field GF(p m ),... Cyclic Codes Intro. to cyclic codes: R8.1 3 Mikael Skoglund, Information Theory 1/17 The Field GF(p m ) π(x) irreducible
More informationChapter 4 Mathematics of Cryptography
Chapter 4 Mathematics of Cryptography Part II: Algebraic Structures Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 4.1 Chapter 4 Objectives To review the concept
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Çetin Kaya Koç koc@cs.ucsb.edu (http://cs.ucsb.edu/~koc/ecc) Elliptic Curve Cryptography lect08 discrete log 1 / 46 Exponentiation and Logarithms in a General Group In a multiplicative
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationTHE CUBIC PUBLIC-KEY TRANSFORMATION*
CIRCUITS SYSTEMS SIGNAL PROCESSING c Birkhäuser Boston (2007) VOL. 26, NO. 3, 2007, PP. 353 359 DOI: 10.1007/s00034-006-0309-x THE CUBIC PUBLIC-KEY TRANSFORMATION* Subhash Kak 1 Abstract. This note proposes
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationCommutative Rings and Fields
Commutative Rings and Fields 1-22-2017 Different algebraic systems are used in linear algebra. The most important are commutative rings with identity and fields. Definition. A ring is a set R with two
More informationDiscrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Discussion 6A Solution
CS 70 Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Discussion 6A Solution 1. Polynomial intersections Find (and prove) an upper-bound on the number of times two distinct degree
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationElliptic Curve Cryptography
Areas for Discussion Elliptic Curve Cryptography Joseph Spring Department of Computer Science 7COM1027 - Distributed Systems Security Lecture - Elliptic Curves 1 1 Motivation Elliptic Curves Security of
More information10 Modular Arithmetic and Cryptography
10 Modular Arithmetic and Cryptography 10.1 Encryption and Decryption Encryption is used to send messages secretly. The sender has a message or plaintext. Encryption by the sender takes the plaintext and
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More information3x + 1 (mod 5) x + 2 (mod 5)
Today. Secret Sharing. Polynomials Polynomials. Secret Sharing. Share secret among n people. Secrecy: Any k 1 knows nothing. Roubustness: Any k knows secret. Efficient: minimize storage. A polynomial P(x)
More informationCOMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162
COMPUTER ARITHMETIC 13/05/2010 cryptography - math background pp. 1 / 162 RECALL OF COMPUTER ARITHMETIC computers implement some types of arithmetic for instance, addition, subtratction, multiplication
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationJoseph Fadyn Kennesaw State University 1100 South Marietta Parkway Marietta, Georgia
ELLIPTIC CURVE CRYPTOGRAPHY USING MAPLE Joseph Fadyn Kennesaw State University 1100 South Marietta Parkway Marietta, Georgia 30060 jfadyn@spsu.edu An elliptic curve is one of the form: y 2 = x 3 + ax +
More informationIntroduction to Cryptography
Introduction to Cryptography Hong-Jian Lai West Virginia University, Morgantown, WV 26506-6310 Version 2007 March 2, 2007 TABLE OF CONTENTS I. Divisibility.............................................................................
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationCryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1
Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:
More informationGF(2 m ) arithmetic: summary
GF(2 m ) arithmetic: summary EE 387, Notes 18, Handout #32 Addition/subtraction: bitwise XOR (m gates/ops) Multiplication: bit serial (shift and add) bit parallel (combinational) subfield representation
More information} has dimension = k rank A > 0 over F. For any vector b!
FINAL EXAM Math 115B, UCSB, Winter 2009 - SOLUTIONS Due in SH6518 or as an email attachment at 12:00pm, March 16, 2009. You are to work on your own, and may only consult your notes, text and the class
More information2. Polynomials. 19 points. 3/3/3/3/3/4 Clearly indicate your correctly formatted answer: this is what is to be graded. No need to justify!
1. Short Modular Arithmetic/RSA. 16 points: 3/3/3/3/4 For each question, please answer in the correct format. When an expression is asked for, it may simply be a number, or an expression involving variables
More informationLecture 22: RSA Encryption. RSA Encryption
Lecture 22: Recall: RSA Assumption We pick two primes uniformly and independently at random p, q $ P n We define N = p q We shall work over the group (Z N, ), where Z N is the set of all natural numbers
More informationA field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:
Byte multiplication 1 Field arithmetic A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties: F is an abelian group under addition, meaning - F is closed under
More informationQuasi-reducible Polynomials
Quasi-reducible Polynomials Jacques Willekens 06-Dec-2008 Abstract In this article, we investigate polynomials that are irreducible over Q, but are reducible modulo any prime number. 1 Introduction Let
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationLogic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation
Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationFinite Fields. Mike Reiter
1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More informationMathematics of Public Key Cryptography
Mathematics of Public Key Cryptography Eric Baxter April 12, 2014 Overview Brief review of public-key cryptography Mathematics behind public-key cryptography algorithms What is Public-Key Cryptography?
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationToday. Polynomials. Secret Sharing.
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need
More informationFinite Fields and Error-Correcting Codes
Lecture Notes in Mathematics Finite Fields and Error-Correcting Codes Karl-Gustav Andersson (Lund University) (version 1.013-16 September 2015) Translated from Swedish by Sigmundur Gudmundsson Contents
More informationLattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.
Lattices A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices have many uses in cryptography. They may be used to define cryptosystems and to break other ciphers.
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More information9 Knapsack Cryptography
9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationEE 229B ERROR CONTROL CODING Spring 2005
EE 9B ERROR CONTROL CODING Spring 005 Solutions for Homework 1. (Weights of codewords in a cyclic code) Let g(x) be the generator polynomial of a binary cyclic code of length n. (a) Show that if g(x) has
More informationLecture 7: ElGamal and Discrete Logarithms
Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationGalois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.
Galois fields 1 Fields A field is an algebraic structure in which the operations of addition, subtraction, multiplication, and division (except by zero) can be performed, and satisfy the usual rules. More
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationElliptic Curves. Giulia Mauri. Politecnico di Milano website:
Elliptic Curves Giulia Mauri Politecnico di Milano email: giulia.mauri@polimi.it website: http://home.deib.polimi.it/gmauri May 13, 2015 Giulia Mauri (DEIB) Exercises May 13, 2015 1 / 34 Overview 1 Elliptic
More informationThe RSA cryptosystem and primality tests
Mathematics, KTH Bengt Ek November 2015 Supplementary material for SF2736, Discrete mathematics: The RSA cryptosystem and primality tests Secret codes (i.e. codes used to make messages unreadable to outsiders
More informationElliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R.
Elliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R. >> v = y^2 - x*(x-1)*(x+1) v = y^2 - x*(x-1)*(x+1) >> ezplot(v, [-1,3,-5,5])
More informationFields in Cryptography. Çetin Kaya Koç Winter / 30
Fields in Cryptography http://koclab.org Çetin Kaya Koç Winter 2017 1 / 30 Field Axioms Fields in Cryptography A field F consists of a set S and two operations which we will call addition and multiplication,
More informationRings. EE 387, Notes 7, Handout #10
Rings EE 387, Notes 7, Handout #10 Definition: A ring is a set R with binary operations, + and, that satisfy the following axioms: 1. (R, +) is a commutative group (five axioms) 2. Associative law for
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationPolynomials. Chapter 4
Chapter 4 Polynomials In this Chapter we shall see that everything we did with integers in the last Chapter we can also do with polynomials. Fix a field F (e.g. F = Q, R, C or Z/(p) for a prime p). Notation
More information1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation
1 The Fundamental Theorem of Arithmetic A positive integer N has a unique prime power decomposition 2 Primality Testing Integer Factorisation (Gauss 1801, but probably known to Euclid) The Computational
More informationRSA Cryptosystem and Factorization
RSA Cryptosystem and Factorization D. J. Guan Department of Computer Science National Sun Yat Sen University Kaoshiung, Taiwan 80424 R. O. C. guan@cse.nsysu.edu.tw August 25, 2003 RSA Cryptosystem was
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationAlgebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.
Coding Theory Massoud Malek Algebra Congruence Relation The definition of a congruence depends on the type of algebraic structure under consideration Particular definitions of congruence can be made for
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationCS483 Design and Analysis of Algorithms
CS483 Design and Analysis of Algorithms Lectures 2-3 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm - 6:00pm or by appointments
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More information